Qualys QualysGuard Intranet Scanner


TECH 


Not the world's cheapest vulnerability scanner but we liked this system. 


by Dave Mitchell, Techworld 


List price: appliance (£2,344 ex. VAT); unlimited scans on 10 IP addresses £3,872 (ex. VAT)
Made by: Qualys 


Tel: Qualys 020 7643 2210 


Pros: Very deep scanning capabilities; ease of use; excellent reporting; remedial advice provided; no 
problems with Windows Server 2003 
Cons: Comparatively expensive 


Buying advice: The trust factor is never more important than with network security products and services. 


Vulnerability scanning on local networks is only now receiving a high profile and many vendors are 
keen to jump on the bandwagon so caution is advised. However, despite its high price the Qualys 
alternative looks to be one of the most sophisticated and capable services of its kind. 


Fears over network security and the ease with which it can be compromised have given rise to a 
plethora of managed services with anti-virus and email scanning prime examples. Qualys is a good 
example of this approach, offering a managed service that promises to tell you how vulnerable your 
network is to external attack. 


However, it is internal security that is now the hot topic as the majority of breaches occur within a 
company’s network. Consequently, Qualys has decided to bring its weight to bear on this problem by 
offering a new service that extends its vulnerability scanning capabilities behind the firewall and onto 
the local network. 


The Intranet Scanner product includes a small appliance that acts as a go-between for your network 
and the Qualys web-based services. It receives instructions from Qualys which tell it which systems 
are to be scanned and the tests to be carried out. On completion it passes all its findings back to 
Qualys where you can log on to your private location on the website and view the results.


During this review, Qualys went to some lengths to stress that the appliance does not store any 
information about your network whatsoever so there’s no point in nicking it.


Installation 

We found installation simple enough and you start by entering basic network details using the 
appliance’s control pad and LCD display panel. After entering information about our DHCP and proxy 
servers, along with SSL port number and account username and password, the appliance contacted 
Qualys and registered itself. From here on in you don’t need to touch the appliance again as you use 
the Qualys website to carry out all management, configuration and reporting. 


From your own home page you can enter the IP addresses you want scanned and the price of the 
service is determined by the number of addresses and scans required. Note that once entered you 
cannot change or delete the IP addresses yourself so if you want to scan new machines you'll have 
to purchase extra licenses. 


You determine the type of scan from the ‘preferences’ tab which offers full or partial scans and 
options for scanning the standard collection of around 1,800 TCP ports and adding additional port 
numbers. Five settings also determine the amount of network bandwidth the scan process is allowed 
to consume and the depth of scanning. 


The latter feature is where Qualys scores above and beyond the competition as it uses an attack 
database which lists many thousands of weaknesses and these are regularly updated whenever a
new threat is identified. Any modifications are easily deployed as the database is downloaded to the 
appliance along with your parameters every time a scan is initiated. 


Even a brief glance at the scan results of our test network showed clearly how powerful the Qualys 
service is. Whereas ISS Internet Scanner 7.0 (IS7) spotted around a dozen security leaks or holes 
on some of our test servers, the Intranet Scanner found 129 vulnerabilities on only three Windows 
Server systems and none of these were trivial as we had deliberately left them open to attack. 
Qualys had no problems identifying and scanning our Windows Server 2003 systems. 


During testing of IS7 we discovered that not only was it unable to correctly identify this OS but 
couldn’t scan it either. Qualys doesn’t worry so much about OS identification but it certainly had no 
problems with this OS. Not only does it find vulnerabilities and threats but the Intranet Scanner 
advises on how to plug them as well. We were impressed with the extensive reporting tools provided 
on the website. 


During testing we encountered no problems with the Intranet Scanner and found it extremely easy to 
use. The comparatively high price will limit its appeal for small and medium businesses but it is 
undoubtedly a very sophisticated vulnerability scanning service that delivers a huge amount of easily 
accessible information about the state of your local network.